Reporting: Manage an Alert and Alert Template

Document created by RSA Information Design and Development on Sep 14, 2017
Last modified by RSA Information Design and Development on Oct 15, 2017
Version 9

You can manage alerts, scheduled alerts, and alert templates using the following procedures.

Manage an Alert

Depending on the access permissions set for the user role, you can modify, delete, import, export, enable, or disable alerts, and view or refresh an alert list.

Access Control for an Alert When a Single Alert is Selected

To set access permissions for an alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert List panel, select an alert.
  4. Click > Permissions.
    The Alert Permissions dialog box is displayed.
  5. Based on the user role, select the appropriate options.
  6. (Optional) Select the checkbox if you want to automatically provide read access permission to dependent rules.

    Note: When the checkbox is selected, all dependent rules with the No access permission will be given the READ access permission.

  7. Click Save.
    A confirmation message that the permission is successfully set for the selected alert is displayed.

Access Control for an Alert When Multiple Alerts are Selected

To change permissions of multiple alerts:

  1. In the Alert List panel, select all the alerts whose permissions must be set.
  2. Click > Permissions.
    The Alert Permissions dialog box is displayed.
  3. Select the permission to set for the respective user role.
  4. Click Save.
    A confirmation message that the permission is successfully set for all the selected alerts is displayed.

Edit an Alert

For example, if you want to be notified about the alert by email at a different email ID, modify the alert notification section with the new email ID so that the notification is sent there when an alert is generated. You can also modify the alert description and alert notification in the Create or Modify Alert panel.

To edit an alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert List panel, select an alert and click .
    The Create or Modify Alert tab is displayed.
  4. In the Rule Basis field, navigate the rule tree and select another rule.
    The Rule name is displayed in the Rule Basis field.

  5. (Optional) Select a data source from the Data Sources drop-down list.

    Note: If the data source is not listed, ensure that you have Read permissions set for the data source. This applies to NWDB and Warehouse data sources. For more information, see the Configure Data Source Permissions topic in the Host and Services Configuration Guide.

  6. (Optional) Modify the alert description in the Description field.
  7. Modify the appropriate Notification tabs – RECORD, SMTP, SNMP, and Syslog.
  8. Click Save.
    A confirmation message that the alert is modified successfully is displayed.

Delete an Alert

To delete an alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert List panel, select the alert and click .
    A warning dialog asks for confirmation that you want to remove the selected alerts.
  4. Click Yes to delete the alert.
    A confirmation message that the alert is deleted successfully is displayed and the selected alert is deleted from the Alert List panel.

Import an Alert

To import an alert from other instances of NetWitness in the Alerts List panel:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click options button > Import.
    The Import Alert dialog box is displayed.
  4. Click Browse to select the binary file.
    NetWitness provides a file system view of the files. You can import multiple alerts at a time. To select multiple alerts, select the checkbox of the alert to be imported.
  5. Locate the binary file, and click Open.
    The file is added to the Import Alert list.
  6. (Optional) To overwrite any existing alert in the library with an identically named alert in the binary file when importing, select the Alert checkbox. If you do not select the Overwrite option, and an identical alert is encountered in the binary file, the binary file is imported and no error message is displayed.
  7. Click Import to import the binary file.

Export an Alert

To export an alert to an external file that can be later imported to NetWitness:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert List panel, select an alert, click the options button, and do one of the following:
    • Export - This selection exports an alert in a .zip file.
    • Export as Text - This selection exports all the content from the Reporting Engine in a .zip file which contains the data in text format.

      You can export multiple alerts at a time. To select multiple alerts, check the checkbox of the alert to be exported.

  4. Click options button > Export.
    The exported binary file is saved to the local drive.

Enable an Alert

To enable an alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert List panel, select the alert that displays in the Enabled column.
  4. Click .
    A confirmation message shows that the change to the alert(s) state was successful.

Disable an Alert

To disable an alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.

  2. Click Alerts.
    The Alert view is displayed.

  3. In the Alert List panel, select the alert that displays  in the Enabled column.
  4. Click .
    A confirmation message shows that the alert(s) status is changed successfully.

View an Alert List

To view an alert list:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click View Alerts.
    The View Alerts view tab is displayed.
  4. Select the last number of days from the drop-down list.
  5. Enter a value for the Max no of alerts.
    The alerts list is displayed based on the chosen filter value.

Refresh an Alert List

To refresh the list of alerts:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. From the Alert toolbar, click to refresh the alerts list.
    The Alert List panel is refreshed.

Manage a Scheduled Alert

You can enable or disable a scheduled alert, and view all scheduled alerts.

Enable a Scheduled Alert

To enable a scheduled alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.

  2. Click Alerts.
    The Alert view is displayed.

  3. Click .
    The View Alerts Schedule view tab is displayed.
  4. In the Alerts Schedule List panel, select the scheduled alert(s) to be enabled.
  5. Click .
    A confirmation message indicates that the alert(s) status is changed successfully and the alert is now available in the Alert List panel.

Disable a Scheduled Alert

To disable a scheduled alert:

  1. Select Monitor > Reports.
    The Manage tab is displayed.

  2. Click Alerts.
    The Alert view is displayed.

  3. Click .
    The View Alerts Schedule view tab is displayed.
  4. In the Alerts Schedule List panel, select the scheduled alert(s) to be disabled.
  5. Click .
    A confirmation message indicates that the alert(s) status is changed successfully and the alert is now available in the Alert List panel.

View all Alerts Scheduled

To view all the alerts scheduled:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click View Schedule.
    The View Alerts Schedule view is displayed with a list of all the scheduled alerts.

Manage an Alert Template

You can modify or delete an alert template, and view all alert templates.

Edit an Alert Template

To edit an alert template:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. Click template_icon.png.
    The Template view is displayed.
  4. In the Template List panel, select a template and click .
    The Create/Modify Template dialog box is displayed.
  5. Click Save.
    A confirmation message that the template is modified successfully is displayed.

Delete an Alert Template

To delete an alert template:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. Click template_icon.png.
    The Template view tab is displayed.
  4. In the Template List panel, select a template and click.
    A confirmation dialog is displayed.
  5. Click Yes to delete the template.
    A confirmation message that the template is deleted successfully is displayed.

View all Alert Templates

To view all alert template messages:

  1. Select Monitor > Reports.
    The Manage tab is displayed.
  2. Click Alerts.
    The Alert view is displayed.
  3. In the Alert toolbar, click Template.
    The Template view tab is displayed with a list of templates.